Active Directory

Active Directory is a set of networking services made by Microsoft. Questions about using and configuring Active Directory belong here.

849 Questions

Which service in your Windows is responsible for replication of a domain controller to another domain controller?

There are 2 types of replication.

1 AD replication

2 Sysvol replication


AD replication uses RPC.

Sysvol uses the DFS Replication (DFSR) service if the domain is at the 2008 functional level and all DCs are Windows Server 2008 or a higher OS version. If the domain functional level is 2003, Sysvol uses NT File Replication Service (NTFS).

What naming contexts are replicated across an entire Active Directory forest?

Active Directory NC (Naming Contexts)

  • Active Directory consists of three partitions or naming contexts (NC)
    • Domain, Configuration and Schema Naming Contexts
  • Each is replicated independently
  • An Active Directory forest has a single schema and configuration
    • Every domain controller (DC) holds a copy of each (schema, configuration NCs)
  • Forest can have multiple domains
    • Every domain controller in a domain holds a copy of the domain NC

What are AD partitions?

Active Directory data is logically partitioned so that each domain controller does not store all objects in the directory. Each directory partition, also called a naming context, contains objects of a particular scope and purpose. The three major Active Directory partitions are described below:

· Schema Partition defines the object classes and their attributes for the entire directory. The configuration is replicated to every domain controller in the forest.

· Domain Partition contains all the objects stored in a domain, including users, groups, computers, and group policy containers (GPCs). This partition information is replicated to all domain controllers within a domain, but not to domain controllers in other domains.

· Configuration Partition contains objects that represent the logical structure of the forest, domains, as well as the physical topology, including sites, subnets, and services.

Application Directory Partition replicates directory partition only to specific domain controllers. This is responsible for generating and maintaining Replication topology. Objects stored in Application directory partition are not replicated to the Global Catalog.

Which DNS record type is required by Active Directory to allow clients to locate AD resources?

SRV Resource Records

When a Windows 2000-based domain controller starts up, the Net Logon service uses dynamic updates to register SRV resource records in the DNS database, as described in "A DNS RR for specifying the location of services (DNS SRV)."

The SRV record is used to map the name of a service (in this case, the LDAP service) to the DNS computer name of a server that offers that service. In a Windows 2000 network, an LDAP resource record locates a domain controller.

A workstation that is logging on to a Windows 2000 domain queries DNS for SRV records in the general form:

_Service._Protocol.DnsDomainName

Active Directory servers offer the LDAP service over the TCP protocol; therefore, clients find an LDAP server by querying DNS for a record of the form:

_ldap._tcp.DnsDomainName

_msdcs Subdomain

There are possible implementations of LDAP servers other than Windows 2000-based domain controllers. There are also possible implementations of LDAP directory services that employ Global Catalog servers but are not servers that are running Windows 2000. To facilitate locating Windows 2000-based domain controllers, in addition to the standard _Service._Protocol.DnsDomainName format, the Net Logon service registers SRV records that identify the well-known server-type pseudonyms "dc" (domain controller), "gc" (Global Catalog), "pdc" (primary domain controller), and "domains" (globally unique identifier, or GUID) as prefixes in the _msdcs subdomain. This Microsoft-specific subdomain allows location of domain controllers that have Windows 2000-specific roles in the domain or forest, as well as the location by GUID when a domain has been renamed. To accommodate locating domain controllers by server type or by GUID (abbreviated "dctype"), Windows 2000-based domain controllers register SRV records in the following form:

_Service._Protocol.DcType._msdcs.DnsDomainName

The addition of the _msdcs subdomain means that two sets of DNS names can be used to find an LDAP server: DnsDomainName is used to find an LDAP server or Kerberos server that is running TCP (or, in the case of a Kerberos server, either TCP or the User Datagram Protocol [UDP]), and the subdomain _msdcs.DnsDomainName is used to find an LDAP server that is running TCP and also functioning in a particular Windows 2000 role. The name "_msdcs" is reserved for locating domain controllers. The single keyword "_msdcs" was chosen to avoid cluttering the DNS namespace unnecessarily. Other constant, well-known names (pdc, dc, and gc) were kept short to avoid exceeding the maximum length of DnsDomainName.
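As an added example (not part of the original answer), the sketch below builds the locator names in the forms described above and audits a DNS zone export for missing locator records and for SRV targets that are not in the domain controller inventory. The domain `corp.example`, the host names, and the zone lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Server-type labels the answer lists for the _msdcs subdomain.
DC_TYPES = ("dc", "gc", "pdc", "domains")

def srv_name(service, protocol, domain, dc_type=None):
    """Build _Service._Protocol[.DcType._msdcs].DnsDomainName."""
    labels = [f"_{service}", f"_{protocol}"]
    if dc_type is not None:
        if dc_type not in DC_TYPES:
            raise ValueError(f"unknown DcType: {dc_type}")
        labels += [dc_type, "_msdcs"]
    return ".".join(labels + [domain.rstrip(".")]).lower()

# owner [ttl] [IN] SRV priority weight port target
SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+"
    r"\d+\s+\d+\s+\d+\s+(?P<target>\S+)$", re.IGNORECASE)

def parse_srv(zone_text):
    """Map each SRV owner name to the set of hosts it points at."""
    found = {}
    for line in zone_text.splitlines():
        m = SRV_LINE.match(line.split(";")[0].strip())  # drop ; comments
        if m:
            owner = m["owner"].rstrip(".").lower()
            found.setdefault(owner, set()).add(m["target"].rstrip(".").lower())
    return found

def audit(zone_text, domain, known_dcs):
    """Return (locator names with no record, (owner, target) pairs whose
    target is not in the known DC inventory)."""
    records = parse_srv(zone_text)
    expected = [srv_name("ldap", "tcp", domain),
                srv_name("ldap", "tcp", domain, "dc"),
                srv_name("ldap", "tcp", domain, "pdc")]
    missing = [n for n in expected if n not in records]
    unexpected = sorted((o, t) for o in expected
                        for t in records.get(o, ()) if t not in known_dcs)
    return missing, unexpected

# Constructed zone export: no pdc record, and one target outside the inventory.
SAMPLE_ZONE = """\
_ldap._tcp.corp.example.           600 IN SRV 0 100 389 dc01.corp.example.
_ldap._tcp.corp.example.           600 IN SRV 0 100 389 dc02.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc01.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 ws-417.corp.example. ; constructed
"""
KNOWN_DCS = {"dc01.corp.example", "dc02.corp.example"}

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE, "corp.example", KNOWN_DCS))
```

A missing name means clients cannot locate that role through DNS; an unexpected target is a host registered as an LDAP locator that should be checked against the list of real domain controllers.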

When DNS is installed on a server, what service can DNS perform for users of client computers accessing network resources?

DNS stands for Domain naming system. It basically translates IP addresses to host names and host names to IP addresses. If you use it on a local network, it allows you to use your own naming conventions for your local subnet, which makes it easier to work in a huge network because you need to remember only the host names in the network.

What is the difference between Windows 2000 native mode and mixed mode?

The Mixed mode is for networks that have Windows 98/ME in addition to Windows 2000/XP/2003 clients. Mixed mode requires the RAC (Remote Application Client) to be installed for proper communication with the clients. The Native mode is for networks that consist only of Windows 2000/XP/2003 clients. The CMS server communicates natively with the clients using Windows networking features that aren't available in 98/ME clients. The RAC program is not needed. If you have no or few 98/ME clients, choose this option.

What is the server that provides quick object access to universal groups and UPNs within an AD forest?

Global catalog...The global catalog provides quick object access to universal groups and UPNs within an AD forest.

What is KCC in Active Directory?

Knowledge Consistency Checker: it generates the replication topology by specifying what domain controllers will replicate to which other domain controllers in the site. The KCC maintains a list of connections, called a replication topology, to other domain controllers in the site. The KCC ensures that changes to any object are replicated to all site domain controllers and updates go through no more than three connections. Also, an administrator can configure connection objects.

Diagram of Active Directory?

http://technet.microsoft.com/en-us/library/cc751379.aspx

Here are steps to create a diagram of the implemented AD in a network.

Otherwise:

1. Forest (a single AD has 1 forest but can connect to different forests)

2. Tree (multiple trees can be formed under it)

3. Domain (multiple domains can be created in a forest under different trees)

What is client side DNS resolver cache?

The client resolver cache is the first place that the DNS client looks for host name resolution. Because it is a location in memory, the client resolver cache resolves IP addresses more quickly than the other host name resolution methods and does not create network traffic. The cache stores host names that have recently been resolved. It also contains mappings that are loaded from the Hosts file. These mappings include the record name, Time-to-Live (TTL) value, and IP address.

How do you repair Active Desktop in Windows XP?

The answer below works instantly if you are wanting to get rid of the black background for file name. I'm not sure what other symptoms Active Desktop has but will probably cure all.

  1. Open the Control Panel.
  2. Open Display Properties.
  3. Click the Desktop tab.
  4. Click the Customize Desktop button.
  5. Click the Web tab in the Desktop Items window.

If you wish to disable Active Desktop, make sure all checkboxes in this window are un-checked. (If you wish to enable the Active Desktop, check "My Current Home Page". Add your current home page into your desktop or click New to add another web page and/or other Active Desktop features. To update the content, click the Synchronize button.)

Couple of options to try.

Right click on desktop, select properties, then Themes, and change your current theme. Once you have done this, you should be able to go back to your original theme without the problem appearing.

If that doesn't work, try searching for a file called desktop.htt and deleting it (it is a hidden file so go to "advanced search" and make sure to check the box to search for hidden files). You can also try manually deleting this file, it should be located in your "Document and Settings" under your username -> Microsoft ->.

---------------------------------------------------------------------------------------------------------------------------------------------

If any of the above options do not work, go to Start > Run > type in "cmd" > Type in regedit and hit enter.

Once in regedit, go to Edit > Find > type in DeskHtmlVersion and click Find.

Change value from 110 to 0, and after clicking ok press F3.

Change the value each time you see DeskHtmlVersion pop up after pressing F3 - continue until it has reached the end of the registry.

Once completed, click any blank space on the desktop and press F5.

Your desktop should be back to normal after this.

How do you connect two domain controllers of different domains?

One needs to make a trust between the domains. Please check below the different types of trusts.

One-way trust

One domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.

Two-way trust

Two domains allow access to users on both domains.

Trusting domain

The domain that allows access to users from a trusted domain.

Trusted domain

The domain that is trusted; whose users have access to the trusting domain.

Transitive trust

A trust that can extend beyond two domains to other trusted domains in the forest.

Intransitive trust

A one way trust that does not extend beyond two domains.

Explicit trust

A trust that an admin creates. It is not transitive and is one way only.

Cross-link trust

An explicit trust between domains in different trees or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains.

Shortcut

Joins two domains in different trees, transitive, one- or two-way

Forest

Applies to the entire forest. Transitive, one- or two-way

Realm

Can be transitive or nontransitive, one- or two-way

External

Connect to other forests or non-AD domains. Nontransitive, one- or two-way.

Windows 2000 Server supports two-way transitive and one-way intransitive trusts. Administrators can create shortcuts.

Windows Server 2003 the forest root trust. This trust can be used to connect Windows Server 2003 forests if they are operating at the 2003 forest functional level. Authentication across this type of trust is Kerberos based (as opposed to NTLM). Forest trusts are transitive for all the domains in the trusted forests. Forest trusts, however, are not transitive.